Site-to-Site VPN Connection IPsec parameters

Eugene Lee 21 Reputation points
2021-02-05T00:12:22.68+00:00

Hi there,

I am looking to potentially set up a site-to-site VPN tunnel between our Azure gateway and customer site. However, the customer's minimum VPN requirements are the following:

IKE (Phase 1)
Encryption: AES256
Hash: SHA348

IPsec (Phase 2)
Encryption: AES256
Hash: SHA384

I've searched online for documentation regarding the VPN parameters available for Azure (https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-compliance-crypto) and it seems that Azure does not support IPsec hash SHA384. Is this absolutely the case or is there a customizable way of enabling/selecting that parameter?

Thank you in advance!
Eugene Lee

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

Accepted answer
  1. suvasara-MSFT 10,051 Reputation points
    2021-02-09T06:16:19.817+00:00

    @Eugene Lee, apologies for the delay in response. As of now, the SHA 384 hash length is not yet a confirmed supported algorithm for the IPsec tunnel. This might be added in the near future. Please take a few minutes to submit your idea in one of the forums available here or vote up an idea submitted by another Azure customer. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
